Need help setting up simple site to site VPN

As the title says, I need help setting up an (Open)VPN bridge between two networks.

I have two routers. One is an RT-N16 (running the latest VLAN Toastman) and the other is a WRT54G v2 (also running the latest K2.4 Toastman). The RT-N16 is the server with LAN IP range 10.1.1.1/24 and the WRT is the client with range 10.1.2.1/24. My goal is to have the two networks "see" each other so I can browse computers on both sides from either side (most importantly the NAS, which is on the RT-N16 side). And if old LAN games work (Warcraft 3, Starcraft, BOTF, Unreal Tournament etc etc) it's an added bonus - they should.

Everything is done according to tutorials. I created certificates and keys for both routers. I've set up dyndns since I don't have fixed WAN IPs. The client connects to the server but other than that, it doesn't really work. Logs aren't of much help since I'm only getting bytecount and similar stuff from them.

Yep, skipped the part about key creation since I already had them. Otherwise, I tried yours too. Btw when I follow your tutorial, routes never get pushed to the client (Server / Status / Routing table) - it only shows 10.8.0.6 as virtual address... I tried rebooting both servers and clients several times. And internet access dies on the client, but the router remains accessible from outside (luckily I enabled that, otherwise I would be lookin' at another reset).

Sounds like the setup is correct (you can connect and ping the openvpn server from a connected client) but you're incorrectly creating the routes for connected clients.

The 'Common Name' is the name YOU set when you created the keys; it has nothing to do with the router name/hostname.

Since you said your RTN16 is the server with subnet 10.1.1.1/24, under the 'Allow these clients' you need to add the route for your client, not server. So add your WRT's Common Name, with subnet 10.1.2.1/24 and push it.
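
The check behind this advice, as an added example that is not part of the original thread: it compares the Common Name a client certificate presents against the rows entered under 'Allow these clients' and flags a near-miss spelling or a client subnet that overlaps the server LAN. The function name, the row format and the sample Common Names are assumptions made for illustration.

```python
import difflib
import ipaddress


def check_client_routes(cert_cn, allowed_clients, server_lan):
    """Return a list of problems for the client whose certificate has cert_cn.

    allowed_clients: (common_name, subnet) rows as typed on the server side.
    server_lan: the server's own LAN, e.g. "10.1.1.1/24".
    Assumption: names are compared as exact strings.
    """
    problems = []
    # strict=False accepts a host-style value like 10.1.2.1/24 and
    # normalises it to the network 10.1.2.0/24.
    server_net = ipaddress.ip_network(server_lan, strict=False)
    names = [name for name, _ in allowed_clients]

    if cert_cn not in names:
        # No row matches, so no route would be set up for this client.
        close = difflib.get_close_matches(cert_cn, names, n=1, cutoff=0.6)
        hint = f"; closest entry is {close[0]!r} (typo?)" if close else ""
        problems.append(f"no entry for Common Name {cert_cn!r}{hint}")

    for name, subnet in allowed_clients:
        client_net = ipaddress.ip_network(subnet, strict=False)
        # A routed setup needs the client LAN to be distinct from the server LAN.
        if client_net.overlaps(server_net):
            problems.append(
                f"{name}: {client_net} overlaps server LAN {server_net}"
            )
    return problems


if __name__ == "__main__":
    # Constructed sample data: the row contains a transposed-letter typo.
    rows = [("wrt54g-cleint", "10.1.2.1/24")]
    for problem in check_client_routes("wrt54g-client", rows, "10.1.1.1/24"):
        print(problem)
```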

Qui - I encountered some errors following your tutorial (mostly because it wouldn't pick up the proper openssl after installing entware and packages), but it worked nevertheless with the existing keys I had before, so I could skip the entire part about generating keys. I will however reduce the key to 1024-bit since it takes forever to handshake when the client connects.

Malitiacurt - you were right, it was a typo in the Common Name (that's why I was so sure I configured it correctly) - it works flawlessly now and routes get pushed properly as soon as the client connects.

Now for the final question - is Windows network discovery possible over VPN?

I know VPN insists on different subnets for server and client and creates one of its own too... Since I have the server and client networks pretty close to one another (10.1.1.1/10.1.2.1) - would it work if I specified 255.255.252.0 as subnet mask (that should theoretically make Windows look everywhere from 10.1.0.1 to 10.1.3.254)?

P.S. VERY IMPORTANT

On the server side - DO NOT ATTEMPT TO KEEP KEYS IN THE WEBGUI PART as it will max out NVRAM space and result in partial or complete loss of NVRAM data.

UPDATE - Switching from TUN to TAP actually solved all my "problems". I now have a fully functional VPN bridge between two networks that see each other and can browse each other without a hiccup. TAP also appears to be working better than TUN in terms of speed but also router load.

Qui - I encountered some errors following your tutorial (mostly because it wouldn't pick up the proper openssl after installing entware and packages), but it worked nevertheless with the existing keys I had before, so I could skip the entire part about generating keys. I will however reduce the key to 1024-bit since it takes forever to handshake when the client connects.

Thanks for the feedback. I have the following line to address the openssl issue you mentioned (did it not work)?